Web-based authentication provides network admission control through web browser to any host devices and operating systems.

STP Bridge Protocol Data Unit (BPDU) Guard

A security mechanism to protect the network from invalid configurations. A port enabled for BPDU Guard is shut down if a BPDU message is received on that port.

STP Root Guard

This prevents edge devices not in the network administrator’s control from becoming Spanning Tree Protocol root nodes.

DHCP snooping

Filters out DHCP messages with unregistered IP addresses and/or from unexpected or untrusted interfaces. This prevents rogue devices from behaving as a DHCP server.

IP Source Guard (IPSG)

When IP Source Guard is enabled at a port, the switch filters out IP packets received from the port if the source IP addresses of the packets have not been statically configured or dynamically learned from DHCP snooping. This prevents IP address spoofing.

Dynamic ARP Inspection (DAI)

The switch discards ARP packets from a port if there are no static or dynamic IP/MAC bindings or if there is a discrepancy between the source or destination address in the ARP packet. This prevents man-in-the-middle attacks.

IP/MAC/Port Binding (IPMB)

The preceding features (DHCP Snooping, IP Source Guard, and Dynamic ARP Inspection) work together to prevent DoS attacks in the network, thereby increasing network availability.

Secure Core Technology (SCT)

Makes sure that the switch will receive and process management and protocol traffic no matter how much traffic is received.

Secure Sensitive Data (SSD)

A mechanism to manage sensitive data (such as passwords, keys, and so on) securely on the switch, populating this data to other devices, and secure autoconfig. Access to view the sensitive data as plaintext or encrypted is provided according to the user-configured access level and the access method of the user.

Layer 2 isolation Private VLAN Edge (PVE) with community VLAN

PVE (also known as protected ports) provides Layer 2 isolation between devices in the same VLAN, supports multiple uplinks.

Port security

Ability to lock source MAC addresses to ports and limit the number of learned MAC addresses.

RADIUS/TACACS+

Supports RADIUS and TACACS authentication. Switch functions as a client.

RADIUS accounting

The RADIUS accounting functions allow data to be sent at the start and end of services, indicating the amount of resources (such as time, packets, bytes, and so on) used during the session.

Storm control

Broadcast, multicast, and unknown unicast.

RADIUS accounting

The RADIUS accounting functions allow data to be sent at the start and end of services, indicating the amount of resources (such as time, packets, bytes, and so on) used during the session.

Config files can be edited with a text editor and downloaded to another switch, facilitating easier mass deployment

Smartports

Simplified configuration of QoS and security capabilities

Auto Smartports

Applies the intelligence delivered through the Smartport roles and applies it automatically to the port based on the devices discovered over Cisco Discovery Protocol or LLDP-MED. This facilitates zero-touch deployments.

Textview CLI

Scriptable command-line interface. A full CLI as well as a menu-based CLI is supported. User privilege levels 1, 7, and 15 are supported for the CLI.

Link up or down based on user-defined schedule (when the port is administratively up)

Login banner

Configurable multiple banners for web as well as CLI

Power Efficiency

Energy Detect

Automatically turns power off on Gigabit Ethernet and 10/100 RJ-45 port when detecting link down. Active mode is resumed without loss of any packets when the switch detects the link up.

Cable length detection

Adjusts the signal strength based on the cable length for Gigabit Ethernet models. Reduces the power consumption for cables shorter than 10m.

EEE compliant (802.3az)

Supports 802.3az on all copper ports (SG350 models)

Disable port LEDs

LEDs can be manually turned off to save on energy.

General

Jumbo frames

Frame sizes up to 9K (9216) bytes supported on 10/100 and Gigabit interfaces

MAC table

Up to 16K (16384) MAC addresses

Discovery

Bonjour

The switch advertises itself using the Bonjour protocol.

LLDP (802.1ab) with LLDP-MED extensions

Link Layer Discovery Protocol (LLDP) allows the switch to advertise its identification, configuration, and capabilities to neighboring devices that store the data in a MIB. LLDP-MED is an enhancement to LLDP that adds the extensions needed for IP phones.

Cisco Discovery Protocol (CDP)

The switch advertises itself using the Cisco Discovery Protocol. It also learns the connected device and its characteristics using Cisco Discovery Protocol.

Switches support 802.3at PoE+, 802.3af, 802.3xx 60W, and Cisco prestandard (legacy) PoE. Maximum power of 60W to any 10/100 or Gigabit Ethernet port for PoE+ supported devices and 15.4W for PoE supported devices, until the PoE budget for the switch is reached. The total power available for PoE per switch is as follows:

802.3af PoE, 802.3at PoE+, and 802.3xx 60W power are delivered over any of the RJ-45 ports within the listed power budgets

Model Name

Power Dedicated to PoE

Number of Ports That Support PoE

SF350-48P

382W

48

SF350-48MP

740W

48

SG350-10P

62W

8

SG355-10P

62W

8

SG350-10MP

124W

8

SG350-28P

195W

24

SG350-28MP

382W

24

PoE powered device and PoE passthrough

In addition to AC power, compact switch models can work as PoE powered devices and be powered by PoE switches connected to the uplink ports. The switch can also pass through the power to downstream PoE end devices if required. Maximum of 60W can be drawn per uplink port if the peer PoE switch supports 60W PoE. When multiple uplink ports are connected to PoE switches, the power drawn from these ports is combined. When AC power is connected and functioning properly, it will have priority over the PoE powered device function. The PoE powered device function will then act as a backup power source to the AC power. The PoE powered device function will be the primary power source for the switch if AC power is not connected.